Facebook: Now sharing your home address with developers

Do you publish your home address online? In managing our online lives, many of us quite advisedly draw the line the line at our home address. But if you've ever spent an hour polishing your Facebook profile and compulsively filled every box – you might remember putting your home address.

That's useful for friends that want to post you a birthday present perhaps, but Facebook has caused no small amount of concern by quietly opening this data field to developers. A post on Saturday by Jeff Bowen in Facebook's developer support team explained that users' addresses and mobile phone numbers are being made available on the development platform through a number of APIs.

Users would have to accept a new app and allow it access to personal information. Contact details of friends would not be accessible unless they too accepted the app.

But the primary concern, as neatly summarised by Graham Cluley on the Sophos blog, is that rogue app developers could efficiently harvest this very valuable information by developing apps that scrape this contact information and use it for spam or cold-calling.

"Facebook is already plagued by rogue applications that post spam links to users' walls, and point users to survey scams that earn them commission – and even sometimes trick users into handing over their cellphone numbers to sign them up for a premium rate service," he wrote last night. "You have to ask yourself – is Facebook putting the safety of its 500+ million users as a top priority with this move?"

This is clearly the downside of Facebook's open apps policy, though it's extremely unlikely Facebook would reverse that and head down the Apple road of approving apps – which has a whole set of different problems. Cluley suggests developers should only be granted access to this information if it proven to be a valid use, or that users should be asked to approve sharing this data.

Perhaps a halfway "traffic light system" of data might be better? Green for odes to your favourite shampoo (ka-ching!), amber for photos of your baby and red for your home address. Use of code red data would need to be approved by Facebook and would be highlighted when users are faced with the allow/don't allow dialogue box that they nearly always allow anyway.

Facebook's future – if it is to meet the increasingly inflated aspirations of its "incentivised" investors – is to use a combination of its scale and the acres of intimate information it holds about all of us to find the real money in targeted advertising. The strategy is to gradually open our personal data more and more, making open information the norm, desensitising us to any uncomfortable feelings we might have had about our personal data being released into the wild. In a few years, we'll have no qualms at all about getting our home address out there. Perhaps.

Until that point, review the information you have on your profile: facebook.com / profile / edit profile / contact information.

• Update: Facebook reminds us that there's a difference between rogue applications and apps with a genuine reason for accessing your address or phone number. A spokesperson gave the example of an airline's e-commerce app that could be more useful if it could notify users about last minute flight changes.

"On Facebook you have absolute control over what information you share, who you share it with and when you want to remove it. Developers can now request permission to access a person's address and mobile phone number to make applications built on Facebook more useful and efficient. You need to explicitly choose to share your data before any app or website can access it and no private information is shared without your permission. As an additional step for this new feature, you're not able to share your friends' address or mobile information."